chain-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly calls out fetching public web content and services—e.g., WebFetch/WebSearch fallbacks in references/mcp-detection.md and tier-fallbacks.md and CronCreate prompts that run gh pr checks / GitHub API in references/cron-monitoring.md—and the agent is expected to read and act on those external PR/CI/docs responses (CronDelete/alert, use results to enrich analysis), which exposes it to untrusted third-party content that could carry indirect prompt-injection.